From a5a8895f497e4c274870e4519c5526542c91dc27 Mon Sep 17 00:00:00 2001
From: Loui Chang <louipc.ist@gmail.com>
Date: Wed, 6 Feb 2008 19:16:21 -0500
Subject: Put login into its own function.

Utilise login form template.
Also cleaned up a couple notices.

Signed-off-by: Loui Chang <louipc.ist@gmail.com>
Signed-off-by: Simo Leone <simo@archlinux.org>
---
 web/html/account.php        |  2 +-
 web/lib/acctfuncs.inc       |  1 -
 web/lib/aur.inc             | 72 +++++----------------------------------------
 web/template/header.php     | 19 +-----------
 web/template/login_form.php | 53 +++++++++++++++------------------
 5 files changed, 33 insertions(+), 114 deletions(-)

diff --git a/web/html/account.php b/web/html/account.php
index 9c1eb313..b46ad554 100644
--- a/web/html/account.php
+++ b/web/html/account.php
@@ -3,7 +3,7 @@
 set_include_path(get_include_path() . PATH_SEPARATOR . '../lib' . PATH_SEPARATOR . '../lang');
 
 include("aur.inc");         # access AUR common functions
-include("acctfuncs.inc");   # access Account specific functions
+include_once("acctfuncs.inc");   # access Account specific functions
 include("pkgfuncs_po.inc"); # Add to handle the i18n of My Packages
 include("account_po.inc");  # use some form of this for i18n support
 set_lang();                 # this sets up the visitor's language
diff --git a/web/lib/acctfuncs.inc b/web/lib/acctfuncs.inc
index 2968adbb..29c80deb 100644
--- a/web/lib/acctfuncs.inc
+++ b/web/lib/acctfuncs.inc
@@ -603,7 +603,6 @@ function display_account_info($U="",$T="",
 /*
  * Returns SID (Session ID) and error (error message) in an array
  * SID of 0 means login failed.
- * There should be a better way of doing this...I think
  */
 function try_login() {
 	$login_error = ""; 
diff --git a/web/lib/aur.inc b/web/lib/aur.inc
index e7e8c494..168fa4b4 100644
--- a/web/lib/aur.inc
+++ b/web/lib/aur.inc
@@ -9,6 +9,7 @@ include_once("config.inc");
 include_once("aur_po.inc");
 // TODO: remove this, move translations over for login form
 include_once("index_po.inc");
+include_once("acctfuncs.inc");
 
 # TODO do we need to set the domain on cookies?  I seem to remember some
 # security concerns about not using domains - but it's not like
@@ -71,7 +72,7 @@ function check_sid() {
 	global $_COOKIE;
 	global $LOGIN_TIMEOUT;
 
-	if ($_COOKIE["AURSID"]) {
+	if (isset($_COOKIE["AURSID"])) {
 		$failed = 0;
 		# the visitor is logged in, try and update the session
 		#
@@ -285,18 +286,18 @@ function set_lang() {
 	global $SUPPORTED_LANGS;
 
 	$update_cookie = 0;
-	if ($_REQUEST['setlang']) {
+	if (isset($_REQUEST['setlang'])) {
 		# visitor is requesting a language change
 		#
 		$LANG = $_REQUEST['setlang'];
 		$update_cookie = 1;
 
-	} elseif ($_COOKIE['AURLANG']) {
+	} elseif (isset($_COOKIE['AURLANG'])) {
 		# If a cookie is set, use that
 		#
 		$LANG = $_COOKIE['AURLANG'];
 
-	} elseif ($_COOKIE["AURSID"]) {
+	} elseif (isset($_COOKIE["AURSID"])) {
 		$dbh = db_connect();
 		$q = "SELECT LangPreference FROM Users, Sessions ";
 		$q.= "WHERE Users.ID = Sessions.UsersID ";
@@ -334,67 +335,8 @@ function html_header($title="") {
 	global $LANG;
 	global $SUPPORTED_LANGS;
 
-	$login_error = "";
-	if (isset($_POST["user"]) || isset($_POST["pass"])) {
-		# Attempting to log in
-		#
-		if (!isset($_POST["user"]) || $_POST['user'] === "") {
-			$login_error = __("You must supply a username.");
-		}
-		if ((!isset($_POST["pass"]) || $_POST['pass'] === "") && empty($login_error)) {
-			$login_error = __("You must supply a password.");
-		}
-		if (!$login_error) {
-			# Try and authenticate the user
-			#
-
-			#md5 hash it
-			$_POST["pass"] = md5($_POST["pass"]);
-			$dbh = db_connect();
-			$q = "SELECT ID, Suspended FROM Users ";
-			$q.= "WHERE Username = '" . mysql_real_escape_string($_POST["user"]) . "' ";
-			$q.= "AND Passwd = '" . mysql_real_escape_string($_POST["pass"]) . "'";
-			$result = db_query($q, $dbh);
-			if (!$result) {
-                $login_error = __("Login failure: Bad user or pass.");
-			} else {
-				$row = mysql_fetch_row($result);
-				if (empty($row)) {
-				    $login_error = __("Login failure: Bad user or pass.");
-				} elseif ($row[1]) {
-					$login_error = __("Your account has been suspended.");
-				}
-			}
-
-			if (!$login_error) {
-				# Account looks good.  Generate a SID and store it.
-				#
-				$logged_in = 0;
-				$num_tries = 0;
-				while (!$logged_in && $num_tries < 5) {
-					$new_sid = new_sid();
-					$q = "INSERT INTO Sessions (UsersID, SessionID, LastUpdateTS) ";
-					$q.="VALUES (". $row[0]. ", '" . $new_sid . "', UNIX_TIMESTAMP())";
-					$result = db_query($q, $dbh);
-					# Query will fail if $new_sid is not unique
-					#
-					if ($result) {
-						$logged_in = 1;
-						break;
-					}
-					$num_tries++;
-				}
-				if ($logged_in) {
-					# set our SID cookie
-					#
-					setcookie("AURSID", $new_sid, 0, "/");
-					$_COOKIE['AURSID'] = $new_sid;
-				} else {
-					$login_error = __("Error trying to generate session id.");
-				}
-			}
-		}
-	}
+	$login = try_login();
+  $login_error = $login['error'];
 
 	$title = htmlspecialchars($title, ENT_QUOTES);
 
diff --git a/web/template/header.php b/web/template/header.php
index 488d2906..ea8d43d8 100644
--- a/web/template/header.php
+++ b/web/template/header.php
@@ -82,24 +82,7 @@ foreach ($SUPPORTED_LANGS as $lang => $lang_name) {
 ?>
         </ul>
         </span>
-        <span id="login_bar">
-<?php
-if (isset($_COOKIE["AURSID"])) {
-  print __("Logged-in as: %h%s%h",
-			array("<b>", username_from_sid($_COOKIE["AURSID"]), "</b>"));
-} else {
-	if ($login_error) {
-		print "<span class='error'>" . $login_error . "</span><br />\n";
-    } ?>
-        <form method='post'>
-         <?php print __("Username:"); ?>
-          <input type='text' name='user' size='30' maxlength='64' value='<?php if (isset($_POST['user'])) { print htmlspecialchars($_POST['user'], ENT_QUOTES); } ?>'>
-         <?php print __("Password:"); ?>
-          <input type='password' name='pass' size='30' maxlength='32'>
-          <input type='submit' class='button' value='<?php  print __("Login"); ?>'>
-        </form>
-<?php } ?>
-        </span>
+	<?php include("login_form.php"); ?>
       </div>
     </div>
     <div id="maincontent">
diff --git a/web/template/login_form.php b/web/template/login_form.php
index 89f11c1e..7fd40fb0 100644
--- a/web/template/login_form.php
+++ b/web/template/login_form.php
@@ -1,33 +1,28 @@
+<span id="login_bar">
 <?php
-# Now present the user login stuff
-if (!isset($_COOKIE["AURSID"])):
-
-	# the user is not logged in, give them login widgets
-	#
-	if (!empty($login['error'])) {
-		print '<div class="error">' . $login['error']
-			. '</div>';
-	}
-?>
-
-	<form action="<?php print $_SERVER['PHP_SELF']; ?>" method="post">
-	<label class="lbox"><?php print __("Username"); ?><br />
-	<input type="text" name="user" size="30"
-	 maxlength="<?php print USERNAME_MAX_LEN;?>"></label>
-
-	<label class="lbox"><?php print  __("Password"); ?><br />
-	<input type="password" name="passwd" size="30"
-	 maxlength="<?php print PASSWD_MAX_LEN; ?>"></label>
-	<br />
-	<input type="submit" class="button"
-	value="<?php print __("Login"); ?>">
-	</form>
-
-<?php 
-else:
+if (isset($_COOKIE["AURSID"])) {
 	print __("Logged-in as: %h%s%h",
 		array("<b>", username_from_sid($_COOKIE["AURSID"]), "</b>"));
-endif; 
+}
+else {
+	if ($login_error) {
+		print "<span class='error'>" . $login_error . "</span><br />\n";
+	} ?>
+        <form method='post'>
+         <?php print __("Username:"); ?>
+	<input type='text' name='user' size='30'
+		maxlength="<?php print USERNAME_MAX_LEN; ?>"
+		value='<?php
+			if (isset($_POST['user'])) {
+				print htmlspecialchars($_POST['user'], ENT_QUOTES);
+			 } ?>'>
+         <?php print __("Password:"); ?>
+	<input type='password' name='passwd' size='30'
+		maxlength="<?php print PASSWD_MAX_LEN; ?>">
+	<input type='submit' class='button'
+		 value='<?php  print __("Login"); ?>'>
+</form>
+<?php } ?>
+</span>
+
 
-# vim: ts=2 sw=2 noet ft=php
-?>
-- 
cgit v1.2.3-24-g4f1b